top of page
Helping Hands

Privacy Statement


The General Data Protection Regulation (GDPR) is concerned with the personal information about you that is collected, stored and shared. This privacy notice details our GDPR policy so that you can feel confident about what is done with your information. GDPR is a law and it is about ensuring that individuals feel safe and knowledgeable about how others use information they hold. If anything does not make sense or isn’t clear, please do ask any questions. The lead therapist of My Thinking Space is known as the ‘data controller’ of the personal information you provide us with.

Contact Details; My Thinking Space Email address:

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing


Personal information means any information capable of identifying an individual. It does not include anonymised information. We may collect the following types of personal information about you including:

 ● Identity - may include your full name, date of birth and gender. 

● Contact - may include your address, email address and telephone numbers (including permission to send text messages and leave voice messages). 

● Financial - may include your bank account and payment card details. 

● Transaction - may include details about payments made to us. We also need to collect the following sensitive information about you in order to deliver our services:

● Information about your health [including your GP name and address and any other health professionals with whom you may be involved, health history and current health situation].

 ● Information about education provider or place of work. 

● Summary of your sessions. 

● Any emails you send. We require your explicit consent for processing sensitive information, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing. Where we are required to collect personal information by law, or under the terms of the contract between us and you do not provide us with that information when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested information, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time. For example, sometimes it may be important for us to be able to contact other professionals who are supporting you (for e.g. your GP), if we do not have this information we may not be able to continue to offer you a service. Should this happen we would always talk to you about this first. We will not collect any personal information from you that we do not need in order to provide our service to you.


We collect information about you through a variety of different methods including: Direct interactions: You may provide information by filling in forms on our site or by communicating with us by post, phone, E-mail or otherwise, including when you:

• order our services

 • give us feedback 

Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. 


We will only use your personal information when legally permitted. The most common uses of your personal data are:

  1.  To provide the service agreed with us

  2.  Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests 

  3. Where we need to comply with a legal or regulatory obligation. Purposes for processing your personal information Set out below is a description of the ways we intend to use your personal information and the legal grounds on which we will process such information.

We have also explained what our legitimate interests are where relevant. We may process your personal information for more than one lawful ground, depending on the specific purpose for which it is being used. Please contact us at if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below. 

Purpose/Activity Type of information Lawful basis for processing

To register you as a new customer; Identity, Contact e.g. email address/phone number Performance of a contract with you; To process and deliver your services including, Manage payments, fees and charges; Collect and recover money owed to us, Identity, Contact, Financial, Transaction; Performance of a contract with you, Necessary for our legitimate interests to recover debts owed to us; To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy, Asking you to leave feedback, Identity, Contact, Profile, Performance of a contract with you, Necessary to comply with a legal obligation, Necessary for our legitimate interests to keep our records updated and to study how customers use our services To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity (b) Contact (c) Technical (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise (b) Necessary to comply with a legal obligation Marketing communications. You will not receive marketing communications from us. Change of purpose; We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If you wish to find out more about how the processing for the new purpose is compatible with the original purpose, please email us at .If we need to use your personal information for a purpose unrelated to the purpose for which we collected it, we will notify you and we will explain the legal ground of processing. We may process your personal information without your knowledge or consent where this is required or permitted by law. 


We may have to share your personal information with the parties set out below

• Service providers who provide IT and system administration services. 

• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services. 

• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances. We require all third parties to whom we transfer your information to respect the security of your personal information and to treat it in accordance with the law. 

We only allow such third parties to process your personal information for specified purposes and in accordance with our instructions;

Consultation and Supervision: Your therapist will receive monthly supervision with other Clinical Psychologists. This is to ensure high quality clinical practice and is a standard part of being a Clinical Psychologist. In order to protect your privacy, the supervisor will not know you personally or professionally and you will be referred to by your first name only. Your information may be referred to verbally when it is helpful to professional processes. 

Emergencies; If you are thought to be at risk in any way, your information may be shared with an emergency healthcare service (e.g. GP, Mental healthcare crisis team) or with a Social Worker (however we would always endeavour to discuss this with you in advance). If your therapist has become aware of any intent by you to cause harm to another person or organisation (e.g. terrorism), the law may require that they inform an authority without seeking your permission. In such a situation, the law may require that your personal information is shared without your knowledge.

Therapeutic Will: Your name and contact details will be shared with your Clinical psychologist’s Therapeutic Executor. This is so that you can be contacted in the event of their death should you be receiving therapy from them.


We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 


We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will hold onto your written information for 7 years past the end of our working together, or until you are aged 25 if you are under 18 years of age. This is so that we have a reference of our work in situations such as you returning to therapy in the future. After this time has passed, written information will be shredded. We are required by UK tax law to keep your basic personal information (including name, address, contact and financial details) for a minimum of six years after which time it will be destroyed. In some circumstances you can ask us to delete your data: see below for further information. 


You have rights under data protection laws in relation to your personal

information. These include the right to:

• Be informed about what information is held about you (i.e. this document) 

• Request access to your personal information – to see what information is held about you (free of charge for the initial request).

 • Request correction of your personal information – rectify any inaccuracies or incomplete personal information 

• Request your personal information be erased (although we can decline whilst the information is needed to practice lawfully and competently). 

• Object to processing of your personal information. 

• Request restriction of processing your personal information. 

• Request transfer of your personal information.

 • Right to withdraw consent for us to use your personal information You can see more about these rights at: 

If you wish to exercise any of the rights set out above, please email us at You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 


This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


 You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. NB: A printed copy of this statement will be given to you at your first appointment. 

Last Updated 13th November 2020

bottom of page